Botnets – How are they used?Sending SpamDenial of Service AttacksID TheftSpyware Delivery
Botnets – How are they used? ID Theft DDoS / SPAM attracted attention – botnets were shut down ISPs and Victims would monitor attacks to find bots Badguys discovered that they could make $$$$ instead
Botnets – How are they used? Spyware Spyware / Adware used for advertisement delivery Popups Affiliate programs pay per install Bot Herders will install the spyware on their bots in order to get paid
Botnets and eCommerce Specificuses of botnets targeted at abusing eCommerce users ID theft combined with proxy Dynamic Phishing Sites
Cases Simple case: mule receives money to a bank account and moves the money to an other bank account Complex case: mule receives money via online payment system, transfers the money via bank to an other account to an other mule; next mule transfers the money through online payment system to a different mule – all actions happen in different states
Example of Fraudulent Scheme •Fraud groups from set up spoof sites all over the world •They convince victims to send money/goods to Spain, Italy, France, Belgium and more recently the UK • Runners or Arrows collect the money/goods from around the world and send it back to Fraudster Money flows
Investigation – challenges for law enforcement Where did the crime happen? Is the crime a crime in the jurisdictions involved? Who will investigate it? Who is behind it? Tracing back…
Tracing……… While its happening - where is the illegal activity taking place – who are the parties involved? Using information provided by ISPs and other communications providers – different legal requirements Encrypted communications
Tracing… Preservation of data Information kept must be sufficient to allow tracing Fast sharing of information
Sharing electronic evidence internationally How long does it take to share information between two countries? What other challenges we have in the process?
Challenges Legislation and jurisdiction Sufficient resources and personnel Localizing and identifying the “bad guys” Collect and share evidence internationally
Legal Instruments CoE Cybercrime Convention - 2001 Council Framework Decision 2005/222/JHA on attacks against information systems; Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography.
1. Definition of cyber-crime Technology is rapidly evolving Definition – open, flexible, vague Balance between open legal requirements and national constitutional prohibitions Technology neutral language
Definition CoE Convention – technology neutral language - Art 1 Computer system Computer data Service provider
Definition No universally accepted definition Crimes related to cyberspace: no longer computer and internet crime “Information systems” – any device or a group of interconnected or related devices “Data” E.g. Personal digital assistant, modern car, mobile phone
Chapter II, Measures to be taken at the national level - Substantive criminal law Title I – Offences against the confidentiality, integrity and availability of data – illegal access, illegal interception, data interference, system interference, misuse of devices Title II – Computer-related offences – forgery, fraud; Title III - Content-related offences - child pornography/ Protocol – hate speech Title IV – Offences related to the infringements of copyright and related rights – copyright and related rights
Council Framework Decision 2005/222/JHA on attacks against information systems Approximation of criminal law systems: Illegal access to information systems Illegal system interference Illegal data interference
Example – cyber terrorism case Large scale attack against information systems – E.g. terrorist would attack information systems essential for international capital markets and break them down A computer-related offence – E.g. terrorist would take over an information system managing a nuclear facility and trigger a nuclear meltdown A content-related offence – E.g. terrorist disseminate propaganda/blueprints for bombs
Example Criminal Hate speech: Drafted in one place, transmitted Through other and uploaded on a server in a third, viewed by the whole world State BState State A C
2. Determining Jurisdiction CoE Cybercrime Convention: Territoriality principle Personality principle Protection principle Council Framework Decision 2005/222/JHA on attacks against information systems Territoriality principle Nationality principle When several MS have jurisdiction – decide Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography Territoriality principle Active personality principle The offence committed for the benefit of a legal person established in the territory of that MS
Problems Dual criminality Dual illegality Legal harmonization – for extraterritorial or universal jurisdiction
Toben Case – dual criminality/illegality Site was viewed byIn 1999 Australian national Neo-Nazis Created a website in Australia, in EnglishWhich included a statementThat Shoa never happened Auschwitz denial is a crime In Germany Under territoriality principle
Counter example Advertisement of beer in GermanyCan be accessed in Islamic countries
Counter example German Internet Blog critical of a dictatorship In the Far East Blog is accessible in these countriesConclusion: Degree of legal harmonization is necessary for legitimateExtraterritorial or even universal jurisdiction
3. Investigation: CoE Cybercrime Convention provisions Title 2 – Expedited preservation of stored computer data – “quick freeze” Title 3 – Production order Title 4 – Search and Seizure of stored computer data Title 5 – Real-time collection of computer data
Problems The use of remote forensic software to carry out remote search procedures, record VOIP communications, log keystrokes and passwords, identify IP addresses Data retention/data privacy Data Retention Directive – telecommunication service providers - anybodies traffic for up to 6 months Production order – produce specific data – passwords, encryption codes Proportional measures
4. International Cooperation “Loopholes of jurisdiction” Cooperation is necessary: Extradition – serious crime offenses Mutual legal assistance Minimum of harmonization on substantive and procedural laws Private-public partnerships
4. International Cooperation – CoE Convention Cooperation: Art. 24 Extradition Art. 25 Mutual Legal Assistance Art. 26 Spontaneous information Coordination: which state should do what – points of contact Harmonization: Substantive Procedural
Solutions: Adopt adequate legislation Assure sufficient law enforcement personnel with adequate training and resources Partnerships with industry Public awareness
Crime in a virtual world? Should we be concerned? Do worlds collide?
Virtual worlds In worlds populations: Second Life (with over 16 million) Warcraft (12 million paid subscribers) Disney Club Penquin (expected to attract over 30 million participants) Together the population of these three virtual worlds alone exceeds the real- world populations of Canada, Australia and Ireland combined
Interesting stats 567 mil. $ user to user transactions in 2009 65% jump from 2008 770.000 unique users made repeat visits to SL in December 2009 Residents cashed 55 mil. $ transferring to PayPal Land barons make 12 mil. $ untidily per year Users control IPRs of what they build Average price per island is 1000 $
Virtual money Money launderers can now move illicit cash through the growing number of virtual reality role-playing games, and convert that cash into real currency before withdrawing it from ATMs worldwide. One wonders just how many laundrymen have tumbled to this cyberlaundering opportunity. Compliance officers at financial institutions please note that their banks may be guilty of money laundering if it facilitates deposits or payments in these virtual worlds, for there is no functional due diligence on players or recipients.